Privacy Policy

1. Who We Are

Quality QR is a QR code generation and analytics platform operated by:

2. Data We Collect

2.1 Account Data

When you create an account, we collect:

• Email address (required for account creation and communication)
• Name (optional, for personalization)
• Avatar selection (optional)
• Authentication credentials (securely hashed, never stored in plain text)

2.2 Payment Data

For paid subscriptions, payment processing is handled by Stripe. We store only:

• Stripe customer ID (reference only)
• Subscription status and plan type

We never store your full credit card number, CVV, or other payment card details.

2.3 QR Code Scan Analytics

When someone scans your dynamic QR code, we collect:

• Hashed IP address — SHA-256 hashed for unique visitor counting
• Geolocation — Country, city, region from Cloudflare headers
• Device information — Device type, browser, OS
• User agent string — Browser identification
• Referrer URL — Source page (if available)
• Timestamp — When the scan occurred

2.4 Feature-Specific Data

Depending on features you use, we may collect:

• A/B Test data — Test configurations, variant URLs, traffic distribution, and performance metrics
• Bundle/Campaign data — Campaign names, associated QR codes, and aggregated analytics
• Alert configurations — Threshold settings, notification preferences, and trigger history
• Version history — QR code configuration changes and timestamps for rollback capability
• Design templates — Saved QR code design configurations (colors, patterns, logos) for reuse
• Team collaboration data — Team membership, roles, invitations, and audit logs of team actions

3. How We Use Your Data

We use your data for:

• Providing QR code generation and tracking services
• Displaying scan analytics in your dashboard
• Processing payments and managing subscriptions
• Sending essential account notifications
• Improving our services through aggregated analytics
• Preventing fraud and abuse
• Complying with legal obligations

Legal Basis for Processing (GDPR)

• Contract: Processing necessary to provide our services
• Legitimate Interest: Analytics and service improvements
• Consent: Marketing communications
• Legal Obligation: Compliance with laws

4. Third-Party Data Processors

We work with trusted third-party providers:

5. Data Retention

We retain your data for:

6. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion ("right to be forgotten")
• Portability: Receive data in machine-readable format
• Restriction: Limit processing of your data
• Object: Object to legitimate interest processing
• Withdraw Consent: Withdraw consent anytime

Exercise these rights via account settings or contact gdpr@quality-qr.app

7. Cookies

We use cookies to provide our services:

8. Data Security

We protect your data with:

• Encryption in transit (TLS/HTTPS)
• Encryption at rest for sensitive data
• Password hashing using industry-standard algorithms
• IP address hashing (SHA-256 with salt)
• Access controls and authentication
• Regular security assessments

9. International Data Transfers

Our primary processing occurs in the EU. For transfers outside the EU, we use:

• EU Standard Contractual Clauses
• Adequacy decisions by the European Commission
• Binding Corporate Rules (where applicable)

10. Changes to This Policy

We will notify you of changes by:

• Posting the updated policy on this page
• Updating the "Last updated" date
• Email notification for material changes

11. Contact Us

Questions about this policy? Contact us:

Supervisory Authority

You may lodge a complaint with the Estonian Data Protection Inspectorate: